Complete Path Review: DNS to VM Service
Date: 2026-01-21
Domain: explorer.d-bis.org
Status: ⚠️ NPMplus Not Running - Needs Fix
Path Architecture
Internet → DNS (76.53.10.36) → UDM Pro Port Forward → NPMplus (192.168.11.166) → VMID 5000 (192.168.11.140:80)
Review Results by Hop
✅ HOP 1: DNS Resolution
Status: ✅ WORKING
- DNS A Record: explorer.d-bis.org → 76.53.10.36 ✅
- DNS Type: A Record (DNS Only - gray cloud in Cloudflare)
- Public IP: 76.53.10.36 (Spectrum ISP IP block)
- Configuration: Correct
No action needed
⚠️ HOP 2: UDM Pro Port Forwarding
Status: ⚠️ NEEDS VERIFICATION
Expected NAT Rules:
- 76.53.10.36:80 → 192.168.11.166:80 (HTTP)
- 76.53.10.36:443 → 192.168.11.166:443 (HTTPS)
Verification:
- Cannot directly test from this location
- NPMplus port 80/443 not reachable (likely because NPMplus is down)
Action Required:
- Verify UDM Pro port forwarding rules are active
- Check firewall rules allow traffic to NPMplus
- Test once NPMplus is running
❌ HOP 3: NPMplus Service & Configuration
Status: ❌ NOT RUNNING - CRITICAL ISSUE
Container Status
- VMID: 10233
- Node: r630-01
- IP: 192.168.11.166
- Status: ❌ NOT RUNNING
Docker Service
- Status: ❌ NOT RUNNING
Listening Ports
- Port 80: ❌ NOT LISTENING
- Port 443: ❌ NOT LISTENING
Proxy Host Configuration
- Domain: explorer.d-bis.org
- Status: ❌ NOT CONFIGURED
Expected Configuration:
{
  "domain_names": ["explorer.d-bis.org"],
  "forward_scheme": "http",
  "forward_host": "192.168.11.140",
  "forward_port": 80,
  "ssl_forced": false,
  "enabled": true
}
Action Required:
- Start NPMplus container:
    ssh root@192.168.11.10
    ssh root@r630-01
    pct start 10233
- Wait for NPMplus to be ready (1-2 minutes):
    pct exec 10233 -- docker ps | grep npmplus
- Configure proxy host (via web UI or API):
  - Access: https://192.168.11.166:81
  - Add Proxy Host:
    - Domain Names: explorer.d-bis.org
    - Scheme: http
    - Forward Hostname/IP: 192.168.11.140
    - Forward Port: 80
    - Cache Assets: Yes
    - Block Common Exploits: Yes
    - Websockets Support: No
✅ HOP 4: Target VM (VMID 5000) Configuration
Status: ✅ FULLY OPERATIONAL
Container Status
- VMID: 5000
- Node: r630-02
- IP: 192.168.11.140
- Status: ✅ RUNNING
Nginx Service
- Status: ✅ RUNNING
- Port 80: ✅ LISTENING
- Configuration: ✅ VALID
- server_name: ✅ Includes explorer.d-bis.org
Frontend
- File: ✅ Exists (/var/www/html/index.html)
- Size: 157,947 bytes
- Permissions: ✅ Correct (www-data:www-data)
Local HTTP Response
- Status: ✅ HTTP 200
No action needed - VMID 5000 is working perfectly
Complete Path Status
| Hop | Component | Status | Notes |
|---|---|---|---|
| 1 | DNS Resolution | ✅ Working | explorer.d-bis.org → 76.53.10.36 |
| 2 | UDM Pro Port Forward | ⚠️ Unknown | Needs verification when NPMplus is up |
| 3 | NPMplus Service | ❌ NOT RUNNING | CRITICAL - Must fix |
| 3 | NPMplus Config | ❌ NOT CONFIGURED | CRITICAL - Must fix |
| 4 | VMID 5000 | ✅ Working | All services operational |
Root Cause
Primary Issue: NPMplus container (VMID 10233) is not running
This breaks the entire path:
- DNS resolves correctly ✅
- UDM Pro port forwarding cannot be verified (NPMplus down)
- NPMplus cannot route to VMID 5000 ❌
- VMID 5000 is working perfectly ✅
Fix Steps
Step 1: Start NPMplus Container
# From Proxmox host or node
ssh root@192.168.11.10
ssh root@r630-01
# Start container
pct start 10233
# Wait for it to start
sleep 10
# Check status
pct status 10233
Step 2: Verify NPMplus Docker Service
# Check docker container
pct exec 10233 -- docker ps | grep npmplus
# Check if web UI is accessible
pct exec 10233 -- curl -k https://localhost:81
Step 3: Configure Proxy Host
Option A: Via Web UI
- Access: https://192.168.11.166:81
- Login with credentials
- Go to: Proxy Hosts → Add Proxy Host
- Configure:
  - Domain Names: explorer.d-bis.org
  - Scheme: http
  - Forward Hostname/IP: 192.168.11.140
  - Forward Port: 80
  - Cache Assets: ✅ Yes
  - Block Common Exploits: ✅ Yes
  - Websockets Support: ❌ No
- Save
Option B: Via API (if credentials available)
# Get auth token
TOKEN=$(curl -s -k -X POST "https://192.168.11.166:81/api/tokens" \
  -H "Content-Type: application/json" \
  -d '{"identity":"EMAIL","secret":"PASSWORD"}' | jq -r '.token')
# Create/update proxy host
curl -k -X POST "https://192.168.11.166:81/api/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "domain_names": ["explorer.d-bis.org"],
    "forward_scheme": "http",
    "forward_host": "192.168.11.140",
    "forward_port": 80,
    "cache_assets": true,
    "block_exploits": true,
    "websockets_support": false,
    "enabled": true
  }'
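One way to confirm that the proxy host from Step 3 matches the configuration this page expects, as an added example (not one of the project's scripts): the function audits a proxy-host listing for explorer.d-bis.org and reports any drift. The JSON-array shape of the listing and the names `audit_proxy_hosts`, `EXPECTED` and `SAMPLE` are assumptions, and the sample records are constructed.

```python
import json

DOMAIN = "explorer.d-bis.org"
# Expected values copied from the Option B payload on this page.
EXPECTED = {
    "forward_scheme": "http",
    "forward_host": "192.168.11.140",
    "forward_port": 80,
    "block_exploits": True,
    "websockets_support": False,
    "enabled": True,
}


def audit_proxy_hosts(hosts, domain=DOMAIN, expected=EXPECTED):
    """Return drift findings for `domain`; an empty list means it matches."""
    matches = [h for h in hosts if domain in h.get("domain_names", [])]
    if not matches:
        return [f"{domain}: no proxy host configured"]
    findings = []
    if len(matches) > 1:
        findings.append(f"{domain}: {len(matches)} proxy hosts claim this domain")
    for host in matches:
        for key, want in expected.items():
            got = host.get(key)  # a missing key is reported as drift
            # 1/0 compare equal to True/False, so integer flags also pass.
            if got != want:
                findings.append(f"{domain}: {key} is {got!r}, expected {want!r}")
    return findings


# Constructed sample listing (assumed shape: a JSON array of proxy-host objects).
SAMPLE = json.loads("""
[
  {"domain_names": ["other.example"], "forward_scheme": "http",
   "forward_host": "192.168.11.150", "forward_port": 8080,
   "block_exploits": true, "websockets_support": false, "enabled": true},
  {"domain_names": ["explorer.d-bis.org"], "forward_scheme": "http",
   "forward_host": "192.168.11.141", "forward_port": 80,
   "block_exploits": false, "websockets_support": false, "enabled": true}
]
""")

if __name__ == "__main__":
    for finding in audit_proxy_hosts(SAMPLE) or [f"{DOMAIN}: matches expected"]:
        print(finding)
```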
Step 4: Verify UDM Pro Port Forwarding
Once NPMplus is running, verify UDM Pro port forwarding:
- 76.53.10.36:80 → 192.168.11.166:80
- 76.53.10.36:443 → 192.168.11.166:443
Step 5: Test End-to-End
# Test from NPMplus to target
curl -H "Host: explorer.d-bis.org" http://192.168.11.140:80/
# Test external access
curl -I https://explorer.d-bis.org
Configuration Reference
Current Correct Configuration
DNS (Cloudflare):
- Type: A
- Name: explorer.d-bis.org
- Content: 76.53.10.36
- Proxy Status: DNS Only (gray cloud)
UDM Pro (Expected):
- External IP: 76.53.10.36:80 → Internal: 192.168.11.166:80
- External IP: 76.53.10.36:443 → Internal: 192.168.11.166:443
NPMplus (Required):
- Domain: explorer.d-bis.org
- Forward: http://192.168.11.140:80
- SSL: Let's Encrypt (auto)
VMID 5000 (Current):
- Nginx: ✅ Running on port 80
- Frontend: ✅ Deployed at /var/www/html/index.html
- Blockscout API: ✅ Running on port 4000
- Configuration: ✅ Valid
Summary
Working Components:
- ✅ DNS resolution
- ✅ VMID 5000 (nginx, frontend, Blockscout)
- ✅ Network connectivity
Issues to Fix:
- ❌ NPMplus container not running (VMID 10233)
- ❌ NPMplus proxy host not configured
- ⚠️ UDM Pro port forwarding needs verification
Priority: HIGH - NPMplus is the critical missing link
Once NPMplus is started and configured, the complete path should work end-to-end.
Scripts Created:
- scripts/review-full-path-dns-to-vm.sh - Complete path review
- scripts/fix-npmplus-for-explorer.sh - Fix NPMplus configuration
Next Steps: Start NPMplus container and configure proxy host